Pages: [1] :: one page |
|
Author |
Thread Statistics | Show CCP posts - 0 post(s) |
Jerid Verges
|
Posted - 2010.03.01 02:19:00 -
[1]
One thing I have noticed in Eve has been the recent large increase in account hacking on Eve. Security is a big concern with players and there are a number of ideas floating about on how to make accounts more secure.
This idea is not meant to really protect an account, but rather hanger assets and possibly Isk.
Now, a few years ago, back in my Runescape playing days. Jagex introduced a new feature into their MMORPG (In response to increasing security breaches). Their system was an optional ingame PIN code keypad.
Basically, in order to access your bank (Which in Runescape, meant all of your items and money world wide). A player would have to insert an X-number passcode to be allowed access to their bank. When accessing a bank, a keypad would display on the game and the players would click the appropriate code. (Too many failures I believe locked you out for a bit).
Due to this, the number accounts with their items stolen before the account could be properly repossessed decreased dramatically in Runescape.
Obviously there are a few fundamental differences between Runescape and Eve considering Banks/Hangers (In Eve items can only be accessed at the hanger you left them in. And unlike Runescape, Isk is a digital credit rather then an item).
However, implementing this sort of option could stop account hackers from being able to get to your hanger. (Since they would need the PIN). The program is also insusceptible to keyloggers. And possibly could be implemented to player donations/other wallet features.
Thoughts?
|
Soon Shin
|
Posted - 2010.03.01 17:38:00 -
[2]
I would say that is certainly not a bad idea. I know a friend who lost all his stuff because someone hacked his account. If it was gameplay wise that he got his stuff stolen, its fair, but hacking accounts is total illegitimate and uncool.
|
mchief117
|
Posted - 2010.03.01 18:51:00 -
[3]
+1 for original idea
though to make this lock pad sequire against hacking it would have to be a ingame key pad that cant be entered with number keys , ie point and click. reason is any key loger that captured your accounts password will just as easaly catch your hanger password if you can type it
|
Soon Shin
|
Posted - 2010.03.01 21:09:00 -
[4]
You Should post this up on assembly hall. I'm quite sure it would unanimously supported or nearly atleast.
|
Valandril
Caldari Ex-Mortis
|
Posted - 2010.03.01 21:10:00 -
[5]
Yea.... no If he will steal your password, he will get your "code" too, using "virtual keypad" doesn't change anything.
|
Jerid Verges
|
Posted - 2010.03.01 23:20:00 -
[6]
Edited by: Jerid Verges on 01/03/2010 23:22:23
Originally by: Valandril Yea.... no If he will steal your password, he will get your "code" too, using "virtual keypad" doesn't change anything.
I think you fail to understand how a PIN code works. You may get the credit card, but if you don't have a PIN code you can't use it to buy things (Unless you're online). You can't get the code just be stealing a password. It doesn't work like that.
Quote: though to make this lock pad sequire against hacking it would have to be a ingame key pad that cant be entered with number keys , ie point and click. reason is any key loger that captured your accounts password will just as easaly catch your hanger password if you can type it
The whole point of the PIN code is that it is untypeable. The code is entered using mouse input.
|
Soon Shin
|
Posted - 2010.03.02 00:11:00 -
[7]
Originally by: Valandril Yea.... no If he will steal your password, he will get your "code" too, using "virtual keypad" doesn't change anything.
Wrong. You are not typing the code. A number pad appears on the client, you click on the numbers on your mouse to enter the pin. Keyloggers won't be able to read stuff from mouse clicking.
|
Zeppish Floogle
|
Posted - 2010.03.02 00:36:00 -
[8]
For account security, Two Factor Authentication is the way to go. If a hacker sells a character or steals PLEX, that's REAL WORLD MONEY that is getting stolen. (It happened to my corp, too.) Check out the Blizzard site to see how Authenticators work and notice how inexpensive the physical tokens are!
The mouse click keypad is also a good idea. It should be implemented on the secure containers as well as the corp hangars. And it doesn't need to be restricted to just numbers. Go ahead and include an entire keyboard layout.
|
Jerid Verges
|
Posted - 2010.03.02 00:57:00 -
[9]
Originally by: Zeppish Floogle
The mouse click keypad is also a good idea. It should be implemented on the secure containers as well as the corp hangars. And it doesn't need to be restricted to just numbers. Go ahead and include an entire keyboard layout.
Hmm. Good idea with the SCs and Corp hangers. Though, I can only imagine the corp thiefs crying.
I'm not sure about how I feel on an entire keyboard. That might just be tedious. A few numbers should be good enough. (I never really got 'uber secure passwords') Unless your password is not named 'Password' I doubt people will guess them.
|
malfoy
|
Posted - 2010.03.02 01:45:00 -
[10]
so if someone screen shot every mouse click the number pad would be black on the screenshot? don't trust it right now. bad idea.
|
|
Jerid Verges
|
Posted - 2010.03.02 03:04:00 -
[11]
Originally by: malfoy so if someone screen shot every mouse click the number pad would be black on the screenshot? don't trust it right now. bad idea.
Because hackers have remote screenshot capture programs that will take hundreds of screencaps in hopes of possibly finding the few times per 24hrs you happen to be typing in your PIN code?
Lets see. You need to have a specific type of inflitration virus to get remote screencap access. Then you have to program the virus to take thousands of screen caps to cover the time you might put in your pin. Then you have to sift through hundreds, if not thousands of screencaps looking for the few frames you need.
You're just paranoid.
|
Soon Shin
|
Posted - 2010.03.02 04:09:00 -
[12]
Indeed, if you had a spyware or a virus that took screen shots every couple of seconds or even half a minute I'm pretty sure most would notice a slowdown in their computer and performance. Screen shots take up a considerably more amount of size compared a couple of texts.
And if you had something like that on your computer, your Eve Account would most likely be the least of your worries.
I agree with the OP you're being much too paranoid.
This keypad mouse clicking is much more safer than entering with your keyboard.
|
Spruillo
|
Posted - 2010.03.02 04:29:00 -
[13]
CCP probably encourages account hacking for isk sales. But only by ccp employees
|
Jerid Verges
|
Posted - 2010.03.02 05:17:00 -
[14]
Originally by: Spruillo CCP probably encourages account hacking for isk sales. But only by ccp employees
And 9/11 was the government's fault. Yeah yeah, heard it all before.
|
Valandril
Caldari Ex-Mortis
|
Posted - 2010.03.02 06:07:00 -
[15]
Originally by: Soon Shin
Originally by: Valandril Yea.... no If he will steal your password, he will get your "code" too, using "virtual keypad" doesn't change anything.
Wrong. You are not typing the code. A number pad appears on the client, you click on the numbers on your mouse to enter the pin. Keyloggers won't be able to read stuff from mouse clicking.
WTS basic knownledge on how this virtual keypad works and how "hard" it will be read the buttons you've clicked. And no, it doesn't have to take screenshots.
|
mchief117
|
Posted - 2010.03.02 16:40:00 -
[16]
Originally by: Valandril
Originally by: Soon Shin
Originally by: Valandril Yea.... no If he will steal your password, he will get your "code" too, using "virtual keypad" doesn't change anything.
Wrong. You are not typing the code. A number pad appears on the client, you click on the numbers on your mouse to enter the pin. Keyloggers won't be able to read stuff from mouse clicking.
WTS basic knownledge on how this virtual keypad works and how "hard" it will be read the buttons you've clicked. And no, it doesn't have to take screenshots.
unless your some computer programer at microsoft who can write one of these your sounding like a thief more by the minute.
a key loggers is one thing , it simply writes down every key you type and then at some time sends it to a certain ip address or waits to be picked up( for hard ware versions). the amount of programing involved in creating a program that can both interface with another program and then read at spesific times what some one is cliking in exact cordanates is generaly beyond most programers time and money. they implemented something like this in runescape and as far as i know it has yet to be broken.
|
Valandril
Caldari Ex-Mortis
|
Posted - 2010.03.02 16:56:00 -
[17]
Originally by: mchief117
Originally by: Valandril
Originally by: Soon Shin
Originally by: Valandril Yea.... no If he will steal your password, he will get your "code" too, using "virtual keypad" doesn't change anything.
Wrong. You are not typing the code. A number pad appears on the client, you click on the numbers on your mouse to enter the pin. Keyloggers won't be able to read stuff from mouse clicking.
WTS basic knownledge on how this virtual keypad works and how "hard" it will be read the buttons you've clicked. And no, it doesn't have to take screenshots.
unless your some computer programer at microsoft who can write one of these your sounding like a thief more by the minute.
a key loggers is one thing , it simply writes down every key you type and then at some time sends it to a certain ip address or waits to be picked up( for hard ware versions). the amount of programing involved in creating a program that can both interface with another program and then read at spesific times what some one is cliking in exact cordanates is generaly beyond most programers time and money. they implemented something like this in runescape and as far as i know it has yet to be broken.
Or simply a guy who is a programmer and works a lot with security on the other end.
And it is very easy to break for someone who got basic idea of what is he doing, sure it's more than keylogged but stealing stuff from mmos brings a lot of cash, enought to hire good programmers.
|
Daedalus II
|
Posted - 2010.03.02 17:44:00 -
[18]
To simplify this, couldn't we just move the keypad out into the login screen?
First you login like normal, then the keypad appears at a random place on the screen, possibly with the numbers moved around, and it would only take mouse clicks.
Optional, can be disabled in settings.
|
Mag's
the united Negative Ten.
|
Posted - 2010.03.02 18:12:00 -
[19]
I would prefer something like this idea posted some time ago.
In-game stuff is too open for abuse, I'd rather they never got in there at all.
|
Valandril
Caldari Ex-Mortis
|
Posted - 2010.03.02 18:17:00 -
[20]
Originally by: Mag's I would prefer something like this idea posted some time ago.
In-game stuff is too open for abuse, I'd rather they never got in there at all.
It all only gives your fake feeling of security, if you will keep downloading lesbians.exe or access important stuff from net-caffee, you will get hacked.
|
|
Mag's
the united Negative Ten.
|
Posted - 2010.03.02 18:28:00 -
[21]
Edited by: Mag''s on 02/03/2010 18:33:02
Originally by: Valandril
Originally by: Mag's I would prefer something like this idea posted some time ago.
In-game stuff is too open for abuse, I'd rather they never got in there at all.
It all only gives your fake feeling of security, if you will keep downloading lesbians.exe or access important stuff from net-caffee, you will get hacked.
A hardware based authenticator removes the chance of being hacked, there's no fake feeling about it.
Edit: Plus if you read the thread, it's already been put forward by the CSM. Linkage
|
Valandril
Caldari Ex-Mortis
|
Posted - 2010.03.02 18:41:00 -
[22]
Originally by: Mag's Edited by: Mag''s on 02/03/2010 18:33:02
Originally by: Valandril
Originally by: Mag's I would prefer something like this idea posted some time ago.
In-game stuff is too open for abuse, I'd rather they never got in there at all.
It all only gives your fake feeling of security, if you will keep downloading lesbians.exe or access important stuff from net-caffee, you will get hacked.
A hardware based authenticator removes the chance of being hacked, there's no fake feeling about it.
Edit: Plus if you read the thread, it's already been put forward by the CSM. Linkage
Wanna bet ?
|
Mag's
the united Negative Ten.
|
Posted - 2010.03.02 18:48:00 -
[23]
Originally by: Valandril
Wanna bet ?
Nothing is 100%, is that horse you're on a tall one?
|
Valandril
Caldari Ex-Mortis
|
Posted - 2010.03.02 18:53:00 -
[24]
Originally by: Mag's
Originally by: Valandril
Wanna bet ?
Nothing is 100%, is that horse you're on a tall one?
No, it's that i can break your unhackable account with same lesbians.exe, will take me maybe 1-2 hours of extra work.
|
Mag's
the united Negative Ten.
|
Posted - 2010.03.02 18:54:00 -
[25]
Must be a Shire.
|
|
|
|
Pages: [1] :: one page |
First page | Previous page | Next page | Last page |